There are many aspects to data security, but overall they boil down to knowing and controlling who has access to it. Firewalls and perimeter-based security try to keep intruders out, but intruders inevitably break in or are let in when employees fall for phishing emails. And once intruders get into your network, they can move around to access other servers with more sensitive, valuable information. The microsegmentation built into hyperconverged infrastructure from Nutanix means you have fine-grained control over your network that lets you block intruders from accessing data even if they’ve made it past your external defenses.
Virtualization Makes Microsegmentation Possible
Microsegmentation is possible because of network virtualization. With networks defined and managed through software, security policies can be applied at any level: network, virtual machine, or even specific workload. The policies can travel with the VM or workload, making network security constant even as your architecture changes; security doesn’t depend on specific network security hardware devices having specific rules and configurations.
Maintaining security despite changes is a big advantage in modern data centers. There’s been a big increase in “east-west” data, and dynamic cloud environments mean servers come and go. Manually updating security settings can’t keep up with this change; the persistent protection of microsegmentation means security isn’t undermined by network churn.
Microsegmentation Network Security Use Cases
Microsegmentation lets you apply a central security policy consistently across all virtual machines and implement specific protections:
- prevent development or test data traffic from accidentally targeting production applications
- ring-fence applications so that only specified applications can talk to each other or to the internet or specific services
- quarantine virtual machines found to be infected with malware
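The three use cases above can be modeled as policy decisions keyed on labels attached to each VM rather than on its IP address. The following is an added sketch, not Nutanix code or the Nutanix policy API; the label names (env, app, quarantine), VM names, addresses and ports are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    name: str
    ip: str                      # carried only to show that policy never reads it
    labels: dict = field(default_factory=dict)

# Constructed ring-fence allow-list: (source app, destination app, destination port).
ALLOWED_FLOWS = {
    ("web", "api", 8443),
    ("api", "db", 5432),
}

def decide(src: VM, dst: VM, port: int) -> str:
    """Return 'allow' or 'deny:<reason>' for a proposed flow between two VMs."""
    # 1. Quarantine overrides every other rule.
    if src.labels.get("quarantine") or dst.labels.get("quarantine"):
        return "deny:quarantine"
    # 2. Environment isolation: test/dev may not reach production, or vice versa.
    if src.labels.get("env") != dst.labels.get("env"):
        return "deny:env-isolation"
    # 3. Ring-fence: default deny unless the app-to-app flow is explicitly listed.
    if (src.labels.get("app"), dst.labels.get("app"), port) in ALLOWED_FLOWS:
        return "allow"
    return "deny:not-in-ring-fence"

def demo() -> dict:
    web = VM("web-01", "10.0.1.10", {"env": "prod", "app": "web"})
    api = VM("api-01", "10.0.2.20", {"env": "prod", "app": "api"})
    db = VM("db-01", "10.0.3.30", {"env": "prod", "app": "db"})
    test_api = VM("api-test", "10.9.2.20", {"env": "test", "app": "api"})
    results = {
        "web->api": decide(web, api, 8443),
        "web->db": decide(web, db, 5432),            # skips the API tier
        "test api->prod db": decide(test_api, db, 5432),
    }
    api.ip = "10.0.7.77"                             # VM re-addressed after a move
    results["web->api after move"] = decide(web, api, 8443)
    web.labels["quarantine"] = True                  # flagged as infected
    results["quarantined web->api"] = decide(web, api, 8443)
    return results

if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:24} {verdict}")
```

Because the decision depends only on labels, the verdict for web->api is unchanged after the API VM is re-addressed, while setting the quarantine label cuts off a flow that was previously allowed.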
Microsegmentation in Nutanix
Although the goal of hyperconverged infrastructure is to bring together the IT resources for easier management, most of the focus has been on the compute and storage capabilities. This year, Nutanix added support for microsegmentation to its network management, making its network features as significant as its compute and storage ones.
Using Nutanix Acropolis Microsegmentation Services, the data flows between workloads can be easily managed, monitored, protected, and secured. Protection is applied at the application level and coordinates with firewall configuration and intrusion detection software from third parties. Data center staff can use flow visualization tools to see how data moves between applications and machines. The resultant protections are more reliable and flexible than complicated lists of ports and the IP addresses that are allowed to access them.
By using the microsegmentation capability in Nutanix’s hyperconverged infrastructure, data centers gain the same level of simplified control over their network security that they get over servers and storage. Contact us to learn more about how Nutanix and hyperconverged infrastructure can simplify your data center management.